CVE-2025-5734
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-17
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | x15_firmware | 1.0.0-b20230714.1105 |
| totolink | x15 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5734 is a critical buffer overflow vulnerability in the TOTOLINK X15 router firmware version 1.0.0-B20230714.1105. It occurs in the HTTP POST request handler at the endpoint /boafrm/formWlanRedirect, specifically involving the redirect-url parameter. The vulnerability arises because the input buffer is copied to an output buffer without verifying that the input size fits, leading to a buffer overflow. An attacker can remotely exploit this by sending a specially crafted POST request, potentially causing denial of service or other impacts. [1, 2]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely without authentication, making it highly accessible. Exploitation can impact the confidentiality, integrity, and availability of the affected system. It may lead to denial of service (DoS) conditions or potentially allow attackers to execute arbitrary code or disrupt router operations, thereby compromising network security. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the endpoint `/boafrm/formWlanRedirect` on the TOTOLINK X15 router firmware version 1.0.0-B20230714.1105. Specifically, look for suspicious or unusually large payloads in the `redirect-url` parameter that could trigger a buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on POST requests to this endpoint. For manual detection, you can use tools like curl or wget to send crafted POST requests and observe the router's behavior. Example command to test the endpoint: `curl -X POST http://<router-ip>/boafrm/formWlanRedirect -d "redirect-url=<large_payload>"` where `<large_payload>` is a very long string to test for buffer overflow. Additionally, monitoring router logs for crashes or reboots after such requests can help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected TOTOLINK X15 router firmware version 1.0.0-B20230714.1105 with an alternative product or firmware version that is not vulnerable, as no known countermeasures or patches are currently available. Until replacement, restrict access to the router's management interface from untrusted networks to reduce exposure. Implement network-level protections such as firewall rules to block or limit HTTP POST requests to the `/boafrm/formWlanRedirect` endpoint. Monitoring and alerting on suspicious POST requests targeting this endpoint is also recommended to detect exploitation attempts early. [2]